Red Hat Security Advisory 2017-3248 - New versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.8, 1.1.5 and 2.0.3. Security Fixes: By providing an invalid culture, an attacker can cause a recursive lookup that leads to a denial of service. Supplying a specially crafted certificate can cause an infinite X509Chain, resulting in a denial of service.
8ff114e8679f60df26f44eba5f5c2dd0bf7819fa4f16c45415e68b4ff579fae0
Ubuntu Security Notice 3485-2 - USN-3485-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
597350ff836581dc17ad6aa5bec80c72eac0162d390d76de34d29c1839a5fbb7
Ubuntu Security Notice 3485-1 - It was discovered that a race condition existed in the ALSA subsystem of the Linux kernel when creating and deleting a port via ioctl. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Eric Biggers discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is uninstantiated. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
546f57a61d7f4e9adee1338479f7bc862b64c3c8304dffc7e4248d96a0cb6f93
Ubuntu Security Notice 3484-2 - USN-3484-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code in the host OS. Various other issues were also addressed.
9fd32fa61639ab8b1ab70c1926dc1d280962737e709e3e897b32100524338a36
Ubuntu Security Notice 3484-1 - It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code in the host OS.
b54e6beff6a8b1271d0f859508d94f8ec11fff67e3190b5d659178e6637b0847
Ubuntu Security Notice 3480-2 - USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177 introduced a regression in the ability to handle crashes for users that configured their systems to use the Upstart init system in Ubuntu 16.04 LTS and Ubuntu 17.04. The fix for CVE-2017-14180 temporarily disabled crash forwarding to containers. This update addresses the problems. Various other issues were also addressed.
b685ba980d8455d1b62dd826d7ee960c69987202ff999a8398f46ab99dd366e1
Ubuntu Security Notice 3483-1 - Jakub Wilk discovered that the formail tool incorrectly handled certain malformed mail messages. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code.
c5974496315c37ff8d245632d3a2ae6be3dd391bc2a8aa050f67084715de0758
Gentoo Linux Security Advisory 201711-16 - Multiple vulnerabilities have been found in CouchDB, the worst of which could lead to the remote execution of arbitrary shell commands. Versions less than 1.7.1 are affected.
1637e4fbe6d399b8b711ad956330ad1c1baaed2b7f7cef8cb47f94e57500c620
Gentoo Linux Security Advisory 201711-15 - A vulnerability was discovered in PHPUnit which may allow an unauthenticated remote attacker to execute arbitrary PHP code. Versions less than 5.7.15-r1 are affected.
9b4947c3c24d75db1037819eee08b14cfcffd83fd45d3f59e2210d5444b68f2c